From 27e4d772489360df387b4bc0d4be38d6eefdd3fe Mon Sep 17 00:00:00 2001 From: LukeeGD Date: Fri, 22 Nov 2019 18:48:41 +0800 Subject: [PATCH] Update stuff --- README.md | 45 ++++++-- downgrader.sh | 315 ++++++++++++++++++++++++++++++++++++++++++++++++++ install.sh | 6 +- restore.sh | 268 ------------------------------------------ 4 files changed, 351 insertions(+), 283 deletions(-) create mode 100755 downgrader.sh delete mode 100755 restore.sh diff --git a/README.md b/README.md index 7cb6b79..f3ba955 100755 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ -# 841-OTA-Downgrader -Script that can be used to downgrade almost any supported 32-bit device to iOS 8.4.1 +# 32bit-OTA-Downgrader +- Script that can be used to downgrade almost any supported 32-bit device to **iOS 8.4.1** +- iPhone 4S and some iPad 2 devices also have the option to downgrade to **iOS 6.1.3** (UNTESTED) +- This can also be used to enter pwnDFU mode for all devices ### Prerequisites: - **Any jailbroken 32-bit iOS device** 
@@ -7,18 +9,19 @@ Script that can be used to downgrade almost any supported 32-bit device to iOS 8 - **MTerminal** installed on iOS device (10.x users) - iOS 7 Pangu users should install [this](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb) - iOS 8 Pangu users should install [this](http://apt.saurik.com/debs/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb) -- A Linux distro on PC (Tested on **Lubuntu 16.04 live USB** and Arch Linux) +- A Linux install or live USB (Tested on Lubuntu **16.04**, Manjaro, and Arch Linux) - For VirtualBox users, add a New USB Filter in the VM settings - For VMWare users, enable Autoconnect USB Devices -- The computer and device must be on the same network +- The computer and device must be on the same network (for SSH) ### How to use: - When the prerequisites are met, usage should be straightforward: 1. Download or `git clone` this repo -2. Open Terminal, cd to the directory where the scripts are located (eg. `cd /home/user/841-OTA-Downgrader`) +2. Open Terminal, cd to the directory where the scripts are located (eg. `cd /home/user/32bit-OTA-Downgrader`) 3. Run `chmod +x install.sh restore.sh` 4. Run `./install.sh` -5. Run `./restore.sh` +5. Run `./downgrader.sh` +6. Select option to be used (8.4.1/6.1.3 downgrade or just enter pwnDFU mode) 6. Follow instructions ### Tools used by this script: @@ -27,7 +30,7 @@ Script that can be used to downgrade almost any supported 32-bit device to iOS 8 - bsdiff (bspatch) - [xpwntool](https://www.youtube.com/watch?v=fh0tB6fp0Sc) - [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc) -- [kloader5 (iOS 5)](http://www.pmbonneau.com/cydia/)) +- [kloader5 (iOS 5)](http://www.pmbonneau.com/cydia/) - [kloader_hgsp (iOS 10)](https://twitter.com/nyan_satan/status/945203180522045440) - [futurerestore](https://github.com/tihmstar/futurerestore) 
@@ -37,23 +40,41 @@ Script that can be used to downgrade almost any supported 32-bit device to iOS 8 ### Supported devices: -#### All iPad 2, iPad 3, iPad 4, iPod 5, iPhone 4S, and iPhone 5 devices (**NOT 5C**) +- (*) Also supports iOS 6.1.3 downgrade +- (**) Enter pwnDFU mode ONLY -- iPad2,1 -- iPad2,2 -- iPad2,3 +#### iPad 2 +- iPad2,1* +- iPad2,2* +- iPad2,3* - iPad2,4 + +#### iPad mini 1 - iPad2,5 - iPad2,6 - iPad2,7 + +#### iPad 3 - iPad3,1 - iPad3,2 - iPad3,3 + +#### iPad 4 - iPad3,4 - iPad3,5 - iPad3,6 + +#### iPod touch 5 - iPod5,1 -- iPhone4,1 + +#### iPhone 4S +- iPhone4,1* + +#### iPhone 5 - iPhone5,1 - iPhone5,2 +#### iPhone 5C +- iPhone5,3** +- iPhone5,4** + diff --git a/downgrader.sh b/downgrader.sh new file mode 100755 index 0000000..a3ea0ea --- /dev/null +++ b/downgrader.sh 
@@ -0,0 +1,315 @@
+#!/bin/bash
+
+platform="linux"
+
+iv_k93=781b9672a86ba1b41f8b7fa0af714c94
+key_k93=db03d63a767b5211d644fccd3e85ef4d5704c94d7589e0fa9ca475a353d8734b
+
+iv_k94=883c92ed915e4d2481570a062583495b
+key_k94=ccfadf3732904885d38f963cce035d7e03b387b67212d526503c85773b58e52f
+
+iv_k95=460116385cca6d5596221c58ae122669
+key_k95=7852f1fd93d9d49ebea44021081e8f1dffa336d0d3e9517374f8be451dd92eb7
+
+iv_k93a=976aa656929ac699fff36715de96876d
+key_k93a=5fe5c47b5620c2b40b1ca2bd1764a92d568901a24e1caf8faf0cf0f84ae11b4e
+
+iv_p101=b21abc8689b0dea8f6e613f9f970e241
+key_p101=b9ed63e4a31f5d9d4d7dddc527e65fd31d1ea48c70204e6b44551c1e6dfc52b5
+
+iv_p102=56231fd62c6296ed0c8c411bcef602e0
+key_p102=cdb2142489e5e936fa8f3540bd036f62ed0f27ddb6fec96b9fbfec5a65bc5f17
+
+iv_p103=fa39c596b6569e572d90f0820e4e4357
+key_p103=34b359fcc729a0f0d2853e786a78b245ed36a9212c8296aaab95dc0401cf07de
+
+iv_j1=c3ea87ed43788dfc3e268abdf1af27dd
+key_j1=cd3dd7eee07b9ce8b180d1526632cf86dc7fef7d52352d06af354598ab9cf2ef
+
+iv_j2=32fcd912cb9a472ef2a6db72596ae01c
+key_j2=076720d5a07e8011bdda6f6eafaf4845b40a441615cd1d7c1a9cca438ce7db17
+
+iv_j2a=e6b041970cd611c8a1561a4c210bc476
+key_j2a=aec6a888d45bd26106ac620d7d4ec0c160ab80276deedc1b50ce8f5d99dcc9af
+
+iv_p105=a5892a58c90b6d3fb0e0b20db95070d7
+key_p105=75612774968009e3f85545ac0088d0d0bb9cb4e2c2970e8f88489be0b9dfe103
+
+iv_p106=fba6d9aaec7237891c80390e6ffa88bf
+key_p106=92909dca9bfdb9193131f9ad9b628b1a4971b1cbab52c0ddd114a6253fad96c0
+
+iv_p107=1d99e780d96c32a25ca7e4b1c7fe14c0
+key_p107=4e2c14927693d61e1da375e340061521c9376007163f6ab55afbe1a03b901fd3
+
+iv_n78=e0175b03bc29817adc312638884e0898
+key_n78=0a0e0aedc8171669c9af6a229930a395959df55dcd8a3ee1fe0f4c009007df3c
+
+iv_n94=147cdef921ed14a5c10631c5e6e02d1e
+key_n94=6ea1eb62a9f403ee212c1f6b3039df093963b46739c6093407190fe3d750c69c
+
+iv_n41=bd0c8b039a819604a30f0d39adf88572
+key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495
+
+iv_n42=fdad2b7a35384fa2ffc7221213ca1082
+key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e
+
+function Downgrade841 {
+ iBSS="iBSS.$HardwareModelLower.RELEASE"
+ DowngradeVersion="8.4.1"
+ DowngradeBuildVer="12H321"
+ DowngradeBuildPre="12H143"
+ Downgrade
+}
+
+function Downgrade613 {
+ if [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,1 ]
+ then
+ iBSS="iBSS.${HardwareModelLower}ap.RELEASE"
+ DowngradeVersion="6.1.3"
+ DowngradeBuildVer="10B329"
+ DowngradeBuildPre="10B146"
+ Downgrade
+ else
+ echo "Your device does not support downgrading to 6.1.3 OTA"
+ read
+ fi
+}
+
+function Downgrade {
+ IPSW="${ProductType}_${DowngradeVersion}_${DowngradeBuildVer}_Restore"
+ if [ ! -e ${IPSW}.ipsw ]
+ then
+ echo "iOS $DowngradeVersion IPSW is missing! Please put the IPSW on the same directory of this script"
+ exit
+ fi
+
+ if [ ! -e tools/tsschecker_$platform ]
+ then
+ echo "Downloading tsschecker..."
+ curl -L -# "https://github.com/tihmstar/tsschecker/releases/download/v212/tsschecker_v212_mac_win_linux.zip" -o "tmp/tsschecker.zip"
+ echo "Extracting tsschecker..."
+ unzip -j tmp/tsschecker.zip tsschecker_$platform -d "tools/"
+ chmod +x tools/tsschecker_$platform
+ echo
+ fi
+ if [ ! -e tools/tsschecker_$platform ]
+ then
+ echo "Download/extract tsschecker failed. Please run the script again"
+ exit
+ fi
+
+ if [ ! -e tools/futurerestore_$platform ]
+ then
+ echo "Downloading futurerestore..."
+ curl -L -# "http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip" -o "tmp/futurerestore.zip"
+ echo "Extracting futurerestore..."
+ unzip -j tmp/futurerestore.zip futurerestore_$platform -d "tools/"
+ chmod +x tools/futurerestore_$platform
+ echo
+ fi
+ if [ ! -e tools/futurerestore_$platform ]
+ then
+ echo "Download/extract futurerestore failed. Please run the script again"
+ exit
+ fi
+
+ if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
+ then
+ echo "Downloading ota.json..."
+ curl -L -# "https://api.ipsw.me/v2.1/ota.json/condensed" -o "tmp/ota.json"
+ echo 'Copying ota.json to /tmp or $TMPDIR...'
+ if [ $platform == macos ]
+ then
+ cp tmp/ota.json $TMPDIR
+ else
+ cp tmp/ota.json /tmp
+ fi
+ echo
+ fi
+ if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
+ then
+ echo "Download ota.json failed. Please run the script again"
+ rm -rf tmp/
+ exit
+ fi
+
+ echo "Downloading OTA Firmware..."
+ curl -L -# "https://api.ipsw.me/v4/ota/download/${ProductType}/${DowngradeBuildVer}?prerequisite=${DowngradeBuildPre}" -o "tmp/otafirmware.zip"
+ echo "Extracting BuildManifest.plist..."
+ unzip -j tmp/otafirmware.zip AssetData/boot/BuildManifest.plist -d "tmp/"
+ echo
+ if [ ! -e tmp/BuildManifest.plist ]
+ then
+ echo "Download/extract BuildManifest.plist failed. Please run the script again"
+ rm -rf tmp/
+ exit
+ fi
+
+ echo "Saving $DowngradeVersion blobs with tsschecker..."
+ if [[ ! $NoBaseband ]]
+ then
+ env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i $DowngradeVersion -o -s -e $UniqueChipID -m tmp/BuildManifest.plist
+ else
+ echo "Detected device has no baseband"
+ env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i $DowngradeVersion -o -s -b -e $UniqueChipID -m tmp/BuildManifest.plist
+ fi
+ echo
+ if [ ! -e $(ls *.shsh2) ]
+ then
+ echo "Saving $DowngradeVersion blobs failed. Please run the script again"
+ rm -rf tmp/ BuildManifest.plist
+ exit
+ fi
+
+ echo "Extracting $DowngradeVersion IPSW..."
+ unzip -q ${IPSW}.ipsw -d "$IPSW/"
+ echo
+
+ pwnDFU
+
+ echo "Will now proceed to futurerestore..."
+ echo
+
+ while [[ ! $ScriptDone ]]
+ do
+
+ if [[ !
$NoBaseband ]]
+ then
+ sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu ${IPSW}.ipsw
+ else
+ echo "Detected device has no baseband"
+ sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu --no-baseband ${IPSW}.ipsw
+ fi
+
+ echo "futurerestore done!"
+ echo "If futurerestore failed to download baseband or for some reason, you can choose to retry"
+ echo "Retry? (y/n)"
+ read retry
+ if [ retry != y ] && [ retry != Y ]
+ then
+ ScriptDone=1
+ fi
+
+ done
+
+ echo "Downgrade script done!"
+ read
+}
+
+function pwnDFU {
+
+ echo "Decrypting iBSS..."
+ iv=iv_$HardwareModelLower
+ key=key_$HardwareModelLower
+ echo "IV = ${!iv}"
+ echo "Key = ${!key}"
+ tools/xpwntool_$platform $IPSW/Firmware/dfu/$iBSS.dfu tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt
+ dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
+ echo
+
+ echo "Patching iBSS..."
+ bspatch tmp/iBSS.dec2 tmp/pwnediBSS patches/$iBSS.patch
+ echo
+
+ if [[ $VersionDetect == 1 ]]
+ then
+ kloader="kloader_hgsp"
+ elif [[ $VersionDetect == 5 ]]
+ then
+ kloader="kloader5"
+ else
+ kloader="kloader"
+ fi
+
+ if [[ $VersionDetect == 1 ]]
+ then
+ WifiAddr=$(ideviceinfo | grep 'WiFiAddress' | cut -c 14-)
+ WifiAddrDecr=$(echo $(printf "%x\n" $(expr $(printf "%d\n" 0x$(echo "${WifiAddr}" | tr -d ':')) - 1)) | sed 's/\(..\)/\1:/g;s/:$//')
+ mkdir mountdir
+ echo "Mounting device using ifuse..."
+ ifuse mountdir
+ echo "Copying stuff to device..."
+ cp "tools/$kloader" "tmp/pwnediBSS" "mountdir/"
+ umount mountdir
+ rm -rf mountdir
+ echo
+ echo "Enter MTerminal and run these commands:"
+ echo
+ echo "su"
+ echo "(enter root password, default is 'alpine')"
+ echo "nvram wifiaddr=$WifiAddrDecr"
+ echo "cd /var/mobile/Media"
+ echo "chmod 0755 kloader_hgsp"
+ echo "./kloader_hgsp pwnediBSS"
+ echo
+ else
+ echo "Make sure SSH is installed and working on the device!"
+ echo "Please enter Wi-Fi IP address of device for SSH connection:"
+ read IPAddress
+ echo "Will now connect to device using SSH"
+ echo "Please enter root password when prompted (default is 'alpine')"
+ echo
+ echo "Copying stuff to device..."
+ scp tools/$kloader tmp/pwnediBSS root@$IPAddress:/
+ echo
+ echo "Entering pwnDFU mode... (press Ctrl+C after entering root password to continue)"
+ ssh root@$IPAddress "chmod 0755 /$kloader && /$kloader /pwnediBSS"
+ echo
+ fi
+
+ echo "Press home/power button once when screen goes black on the device"
+
+ while [[ $pwnDFUDevice == 1 ]]
+ do
+ pwnDFUDevice=$(lsusb | grep -c "1227")
+ sleep 2
+ done
+
+ echo "Entering pwnDFU mode successful"
+ echo
+
+}
+
+function MainMenu {
+ rm -rf iP*/ tmp/ $(ls *.shsh2 2>/dev/null)
+ mkdir tmp
+
+ HardwareModel=$(ideviceinfo | grep 'HardwareModel' | cut -c 16-)
+ HardwareModelLower=$(echo $HardwareModel | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
+ ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
+ ProductVersion=$(ideviceinfo | grep 'ProductVersion' | cut -c 17-)
+ VersionDetect=$(echo $ProductVersion | cut -c 1)
+ UniqueChipID=$(ideviceinfo | grep 'UniqueChipID' | cut -c 15-)
+
+ clear
+ echo "******* 32bit-OTA-Downgrader *******"
+ echo " - by LukeZGD "
+ echo
+
+ if [ !
$HardwareModel ] + then + echo "Please plug the device in before proceeding" + exit + elif [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,4 ] || [ $HardwareModel == iPad2,5 ] || [ $HardwareModel == iPad3,1 ] || [ $HardwareModel == iPad3,4 ] || [ $HardwareModel == iPod5,1 ] + then + NoBaseband=1 + fi + + echo "HardwareModel: $HardwareModel" + echo "ProductType: $ProductType" + echo "ProductVersion: $ProductVersion" + echo "UniqueChipID (ECID): $UniqueChipID" + echo +} + +MainMenu + +select opt in "Downgrade device to iOS 8.4.1" "Downgrade device to iOS 6.1.3" "Put device in pwnDFU mode" "Exit"; do + case $opt in + "Downgrade device to iOS 8.4.1" ) Downgrade841; MainMenu;; + "Downgrade device to iOS 6.1.3" ) Downgrade613; MainMenu;; + "Put device in pwnDFU mode" ) pwnDFUStart; MainMenu;; + "Exit" ) exit;; + *) MainMenu;; + esac +done diff --git a/install.sh b/install.sh index 519a78a..b27009b 100755 --- a/install.sh +++ b/install.sh @@ -6,13 +6,13 @@ function ubuntu { } function arch { - sudo pacman -Sy bsdiff libcurl-compat libpng12 libzip openssl-1.0 usbmuxd + sudo pacman -Sy bsdiff libcurl-compat libpng12 libzip openssl-1.0 usbmuxd usbutils sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4 } clear -echo "******* 841-OTA-Downgrader *******" -echo " - by LukeZGD " +echo "******* 32bit-OTA-Downgrader *******" +echo " - by LukeZGD " echo echo "Install dependencies" select opt in "Ubuntu 16.04" "Arch Linux"; do diff --git a/restore.sh b/restore.sh deleted file mode 100755 index 042b01c..0000000 --- a/restore.sh +++ /dev/null 
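Review bot: In `Downgrade`, futurerestore is fetched as `futurerestore-latest.zip` over plain `http://` with no integrity check, made executable, and later run through `sudo`, so whoever can alter that response controls code that runs as root on the PC. Pin a specific release, allow HTTPS only, and verify a known SHA-256 before `unzip`; the sketch below uses placeholder URL and digest values, and the tsschecker download a few lines earlier (HTTPS, but also unverified) deserves the same check. Separately, the menu calls `pwnDFUStart` although the file only defines `pwnDFU`, and `Downgrade613` tests `iPad2,1` four times where the README's starred list is iPad2,1, iPad2,2, iPad2,3 and iPhone4,1. The retry test `[ retry != y ]` compares the literal word and should read `[ "$retry" != y ] && [ "$retry" != Y ]`.

```shell
        echo "Downloading futurerestore..."
        # Placeholders: fill in a pinned HTTPS release URL and the SHA-256 published for that zip.
        futurerestore_url="https://<PINNED_FUTURERESTORE_RELEASE_URL>"
        futurerestore_sha256="<EXPECTED_SHA256_OF_ZIP>"
        curl --fail --proto '=https' --proto-redir '=https' -L -# "$futurerestore_url" -o "tmp/futurerestore.zip" || exit 1
        # Refuse to extract anything whose digest does not match the pinned value.
        if ! echo "$futurerestore_sha256  tmp/futurerestore.zip" | sha256sum -c - >/dev/null
        then
            echo "futurerestore checksum mismatch, aborting"
            rm -f tmp/futurerestore.zip
            exit 1
        fi
        # … unchanged: unzip, chmod +x, echo …
```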
@@ -1,268 +0,0 @@
-#!/bin/bash
-
-platform="linux"
-
-iv_k93=781b9672a86ba1b41f8b7fa0af714c94
-key_k93=db03d63a767b5211d644fccd3e85ef4d5704c94d7589e0fa9ca475a353d8734b
-
-iv_k94=883c92ed915e4d2481570a062583495b
-key_k94=ccfadf3732904885d38f963cce035d7e03b387b67212d526503c85773b58e52f
-
-iv_k95=460116385cca6d5596221c58ae122669
-key_k95=7852f1fd93d9d49ebea44021081e8f1dffa336d0d3e9517374f8be451dd92eb7
-
-iv_k93a=976aa656929ac699fff36715de96876d
-key_k93a=5fe5c47b5620c2b40b1ca2bd1764a92d568901a24e1caf8faf0cf0f84ae11b4e
-
-iv_p101=b21abc8689b0dea8f6e613f9f970e241
-key_p101=b9ed63e4a31f5d9d4d7dddc527e65fd31d1ea48c70204e6b44551c1e6dfc52b5
-
-iv_p102=56231fd62c6296ed0c8c411bcef602e0
-key_p102=cdb2142489e5e936fa8f3540bd036f62ed0f27ddb6fec96b9fbfec5a65bc5f17
-
-iv_p103=fa39c596b6569e572d90f0820e4e4357
-key_p103=34b359fcc729a0f0d2853e786a78b245ed36a9212c8296aaab95dc0401cf07de
-
-iv_j1=c3ea87ed43788dfc3e268abdf1af27dd
-key_j1=cd3dd7eee07b9ce8b180d1526632cf86dc7fef7d52352d06af354598ab9cf2ef
-
-iv_j2=32fcd912cb9a472ef2a6db72596ae01c
-key_j2=076720d5a07e8011bdda6f6eafaf4845b40a441615cd1d7c1a9cca438ce7db17
-
-iv_j2a=e6b041970cd611c8a1561a4c210bc476
-key_j2a=aec6a888d45bd26106ac620d7d4ec0c160ab80276deedc1b50ce8f5d99dcc9af
-
-iv_p105=a5892a58c90b6d3fb0e0b20db95070d7
-key_p105=75612774968009e3f85545ac0088d0d0bb9cb4e2c2970e8f88489be0b9dfe103
-
-iv_p106=fba6d9aaec7237891c80390e6ffa88bf
-key_p106=92909dca9bfdb9193131f9ad9b628b1a4971b1cbab52c0ddd114a6253fad96c0
-
-iv_p107=1d99e780d96c32a25ca7e4b1c7fe14c0
-key_p107=4e2c14927693d61e1da375e340061521c9376007163f6ab55afbe1a03b901fd3
-
-iv_n78=e0175b03bc29817adc312638884e0898
-key_n78=0a0e0aedc8171669c9af6a229930a395959df55dcd8a3ee1fe0f4c009007df3c
-
-iv_n94=147cdef921ed14a5c10631c5e6e02d1e
-key_n94=6ea1eb62a9f403ee212c1f6b3039df093963b46739c6093407190fe3d750c69c
-
-iv_n41=bd0c8b039a819604a30f0d39adf88572
-key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495
-
-iv_n42=fdad2b7a35384fa2ffc7221213ca1082
-key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e
-
-rm -rf iP*/ tmp/ $(ls *.shsh2)
-
-HardwareModel=$(ideviceinfo | grep 'HardwareModel' | cut -c 16-)
-HardwareModelLower=$(echo $HardwareModel | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
-ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
-ProductVersion=$(ideviceinfo | grep 'ProductVersion' | cut -c 17-)
-VersionDetect=$(echo $ProductVersion | cut -c 1)
-UniqueChipID=$(ideviceinfo | grep 'UniqueChipID' | cut -c 15-)
-iBSS="iBSS.$HardwareModelLower.RELEASE"
-IPSW="${ProductType}_8.4.1_12H321_Restore"
-
-clear
-echo "******* 841-OTA-Downgrader *******"
-echo " - by LukeZGD "
-echo
-
-if [ ! $HardwareModel ]
-then
- echo "Please plug the device in before proceeding"
- exit
-elif [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,4 ] || [ $HardwareModel == iPad2,5 ] || [ $HardwareModel == iPad3,1 ] || [ $HardwareModel == iPad3,4 ] || [ $HardwareModel == iPod5,1 ]
-then
- NoBaseband=1
-fi
-
-echo "HardwareModel: $HardwareModel"
-echo "ProductType: $ProductType"
-echo "ProductVersion: $ProductVersion"
-echo "UniqueChipID (ECID): $UniqueChipID"
-echo "iBSS: $iBSS"
-echo
-
-
-if [ ! -e ${IPSW}.ipsw ]
-then
- echo "iOS 8.4.1 IPSW is missing! Please put the IPSW on the same directory of this script"
- exit
-fi
-
-mkdir tmp
-
-if [ ! -e tools/tsschecker_$platform ]
-then
- echo "Downloading tsschecker..."
- curl -L -# "https://github.com/tihmstar/tsschecker/releases/download/v212/tsschecker_v212_mac_win_linux.zip" -o "tmp/tsschecker.zip"
- echo "Extracting tsschecker..."
- unzip -j tmp/tsschecker.zip tsschecker_$platform -d "tools/"
- chmod +x tools/tsschecker_$platform
- echo
-fi
-if [ ! -e tools/tsschecker_$platform ]
-then
- echo "Download/extract tsschecker failed. Please run the script again"
- exit
-fi
-
-if [ ! -e tools/futurerestore_$platform ]
-then
- echo "Downloading futurerestore..."
- curl -L -# "http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip" -o "tmp/futurerestore.zip"
- echo "Extracting futurerestore..."
- unzip -j tmp/futurerestore.zip futurerestore_$platform -d "tools/"
- chmod +x tools/futurerestore_$platform
- echo
-fi
-if [ ! -e tools/futurerestore_$platform ]
-then
- echo "Download/extract futurerestore failed. Please run the script again"
- exit
-fi
-
-if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
-then
- echo "Downloading ota.json..."
- curl -L -# "https://api.ipsw.me/v2.1/ota.json/condensed" -o "tmp/ota.json"
- echo 'Copying ota.json to /tmp or $TMPDIR...'
- if [ $platform == macos ]
- then
- cp tmp/ota.json $TMPDIR
- else
- cp tmp/ota.json /tmp
- fi
- echo
-fi
-if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
-then
- echo "Download ota.json failed. Please run the script again"
- rm -rf tmp/
- exit
-fi
-
-echo "Downloading OTA Firmware..."
-curl -L -# "https://api.ipsw.me/v4/ota/download/$ProductType/12H321?prerequisite=12H143" -o "tmp/otafirmware.zip"
-echo "Extracting BuildManifest.plist..."
-unzip -j tmp/otafirmware.zip AssetData/boot/BuildManifest.plist -d "tmp/"
-echo
-if [ ! -e tmp/BuildManifest.plist ]
-then
- echo "Download/extract BuildManifest.plist failed. Please run the script again"
- rm -rf tmp/
- exit
-fi
-
-echo "Saving 8.4.1 blobs with tsschecker..."
-if [[ ! $NoBaseband ]]
-then
- env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i 8.4.1 -o -s -e $UniqueChipID -m tmp/BuildManifest.plist
-else
- echo "Detected device has no baseband"
- env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i 8.4.1 -o -s -b -e $UniqueChipID -m tmp/BuildManifest.plist
-fi
-echo
-if [ ! -e $(ls *.shsh2) ]
-then
- echo "Saving 8.4.1 blobs failed. Please run the script again"
- rm -rf tmp/ BuildManifest.plist
- exit
-fi
-
-echo "Extracting 8.4.1 IPSW..."
-unzip -q ${IPSW}.ipsw -d "$IPSW/"
-echo
-
-echo "Decrypting iBSS..."
-iv=iv_$HardwareModelLower
-key=key_$HardwareModelLower
-echo "IV = ${!iv}"
-echo "Key = ${!key}"
-tools/xpwntool_$platform $IPSW/Firmware/dfu/$iBSS.dfu tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt
-dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
-echo
-
-echo "Patching iBSS..."
-bspatch tmp/iBSS.dec2 tmp/pwnediBSS patches/$iBSS.patch
-echo
-
-if [[ $VersionDetect == 1 ]]
-then
- kloader="kloader_hgsp"
-elif [[ $VersionDetect == 5 ]]
-then
- kloader="kloader5"
-else
- kloader="kloader"
-fi
-
-if [[ $VersionDetect == 1 ]]
-then
- WifiAddr=$(ideviceinfo | grep 'WiFiAddress' | cut -c 14-)
- WifiAddrDecr=$(echo $(printf "%x\n" $(expr $(printf "%d\n" 0x$(echo "${WifiAddr}" | tr -d ':')) - 1)) | sed 's/\(..\)/\1:/g;s/:$//')
- mkdir mountdir
- echo "Mounting device using ifuse..."
- ifuse mountdir
- echo "Copying stuff to device..."
- cp "tools/$kloader" "tmp/pwnediBSS" "mountdir/"
- umount mountdir
- rm -rf mountdir
- echo
- echo "Enter MTerminal and run these commands:"
- echo
- echo "su"
- echo "(enter root password, default is 'alpine')"
- echo "nvram wifiaddr=$WifiAddrDecr"
- echo "cd /var/mobile/Media"
- echo "chmod 0755 kloader_hgsp"
- echo "./kloader_hgsp pwnediBSS"
- echo
-else
- echo "Make sure SSH is installed and working on the device!"
- echo "Please enter Wi-Fi IP address of device for SSH connection:"
- read IPAddress
- echo "Will now connect to device using SSH"
- echo "Please enter root password when prompted (default is 'alpine')"
- echo
- echo "Copying stuff to device..."
- scp tools/$kloader tmp/pwnediBSS root@$IPAddress:/
- echo
- echo "Entering pwnDFU mode... (press Ctrl+C after entering root password to continue)"
- ssh root@$IPAddress "chmod 0755 /$kloader && /$kloader /pwnediBSS"
- echo
-fi
-
-echo "Press home/power button once when screen goes black on the device, then press [enter]"
-read
-echo "Will now proceed to futurerestore in 5 seconds..."
-sleep 5
-echo
-
-while [ ! $ScriptDone ]
-do
-
- if [[ !
$NoBaseband ]]
- then
- sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu ${IPSW}.ipsw
- else
- echo "Detected device has no baseband"
- sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu --no-baseband ${IPSW}.ipsw
- fi
-
- echo "futurerestore done!"
- echo "If futurerestore failed to download baseband or for some reason, you can choose to retry"
- echo "Retry? (y/n)"
- read retry
- if [ retry != y ] && [ retry != Y ]
- then
- ScriptDone=1
- fi
-
-done
-
-rm -rf iP*/ tmp/ $(ls *.shsh2)
-
-echo "Script done!"